VYPR
Unrated severity · NVD Advisory · Published May 14, 2023 · Updated Aug 2, 2024

SourceCodester Lost and Found Information System GET Parameter SQL injection

CVE-2023-2699

Description

A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0. Affected by this issue is some unknown functionality of the file admin/?page=items/view_item of the component GET Parameter Handler. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228980.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in SourceCodester Lost and Found Information System 1.0 via the `id` parameter in `view_item.php` allows remote attackers to extract database contents.

Vulnerability

The vulnerability resides in the `admin/?page=items/view_item` endpoint of SourceCodester Lost and Found Information System version 1.0. The `id` GET parameter is passed unsanitized into a SQL query, allowing an attacker to inject arbitrary SQL commands. Proof-of-concept imagery has been publicly disclosed [1].

Exploitation

An attacker can exploit this remotely without authentication by sending a crafted HTTP GET request to the vulnerable endpoint with malicious SQL in the `id` parameter. The exploit has been publicly released [1], making the attack trivial to reproduce.

Impact

Successful exploitation allows an attacker to read, modify, or delete arbitrary data in the underlying database, potentially exposing sensitive information such as user credentials, personal details, and application secrets. The vulnerability is rated critical (CVSS 9.8) [1].

Mitigation

No official patch has been released as of the publication date (2023-05-14). Users should restrict network access to the application, apply input validation on the id parameter, or migrate to an alternative solution if the vendor does not provide a fix. The CVE is not listed in CISA's Known Exploited Vulnerabilities catalog.
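With no patch available, one interim check is to review web-server access logs for requests to the affected endpoint whose `id` is not a plain integer. The following is an added example, not code from the advisory or the vendor; it assumes combined-format access logs, that legitimate `id` values are numeric, and a hypothetical `/lfis/` install path, and its sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory.
VULN_PAGE = "items/view_item"
# Assumption: the admin front controller is served at .../admin/ or .../admin/index.php
ADMIN_PATH = re.compile(r"/admin/(index\.php)?$")
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Assumption: legitimate item ids are plain integers.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def suspicious_view_item_requests(log_lines):
    """Return (line_no, client, decoded_id) for view_item requests with a non-integer id."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not ADMIN_PATH.search(url.path):
            continue
        # parse_qs percent-decodes values, so encoded characters are checked decoded.
        params = parse_qs(url.query, keep_blank_values=True)
        if VULN_PAGE not in params.get("page", []):
            continue
        client = line.split(" ", 1)[0]
        # A missing id is reported too (as an empty string).
        for raw_id in params.get("id", [""]):
            if not NUMERIC_ID.fullmatch(raw_id):
                hits.append((line_no, client, raw_id))
    return hits


# Constructed sample lines; addresses are documentation ranges, /lfis/ is hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/May/2023:10:00:01 +0000] "GET /lfis/admin/?page=items/view_item&id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [14/May/2023:10:00:09 +0000] "GET /lfis/admin/?page=items/view_item&id=3%27 HTTP/1.1" 500 310 "-" "curl/8.0"',
    '198.51.100.7 - - [14/May/2023:10:00:12 +0000] "GET /lfis/admin/?page=items/view_item&id=abc HTTP/1.1" 200 5001 "-" "curl/8.0"',
    '192.0.2.10 - - [14/May/2023:10:00:20 +0000] "GET /lfis/admin/?page=items&id=x HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, client, raw_id in suspicious_view_item_requests(SAMPLE_LOG):
        print(f"line {line_no}: {client} sent id={raw_id!r}")
```

The same integer-only rule can be enforced at a reverse proxy or WAF in front of the application as a form of the input validation recommended above.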

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

3
